Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?



  • Put your hand on your heart and tell me the truth: did anybody, anytime, managed to get StrongVPN to play nice with pfSense? I can get the tunnel up and running OK, I seem to have no detectable DNS leaks - and yet Primevideo somehow detects that I am not in the USA.
    I have spent so much time on this issue that I'd happily give $100 to anybody who can get this to work on my LAN.
    What drives me crazy, is that the StrongVPN software client, when run directly on the target machine, established a perfectly tight tunnel and fools Primevideo appropriately. However the same tunnel on pfSense is exposed as non-USA. Did anybody resolve this?
    (I should say that the StrongVPN client is good enough for Windows and Android. It is of no use for AppleTV, which makes it necessary to move the tunnel entry to the gateway).



  • Sorry, but why should anybody support this? That said, you can always study pcap traces.



  • Oh, very simple. Streaming services restrict viewing by "geofencing". If you are in Europe, you are out of luck. Even if you are prepared to pay a surcharge, you just cannot access the service. I guess that they consider the market for original-language content in non-English-speaking country as too small to justify the license expenses.

    VPN subscription services provide a workaround. No laws are broken, no piracy is being committed, no intellectual property rights are being disregarded, fees are being paid to Netflix (which otherwise would be lost), and nobody is financially or otherwise harmed. As for me, I want my children to enjoy original content, so that they will learn some English in the process.

    Now back to the original question: Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?



  • i subscribe to Proton and i can confirm it works with Netflix but not Amazon Prime.

    you have to have the 96 dollar a year plan FYI



  • @aagaag I don't know for sure but what I have seen in various forums, is that NetFlix (or whatever) invest a great deal of time determining what IP address are exit points from a VPN, and block those IP address. I can't remember the name, but I believe there is a DNSBL that lists id blocking VPNs.

    Have you considered setting up your own VPN on a cloud server? Shouldn't need much in the way of resources, and there are some really cheap servers that should do the job.



  • @bcruze thanks, but can you elaborate? Does the "96 dollar a year plan" refer to Proton?



  • @guardian: can you please elaborate? I am intrigued by the idea of setting up my own VPN on a cloud server, but I know nothing about that. What are the implications (also financially)? Thanks!



  • @aagaag said in Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?:

    @guardian: can you please elaborate? I am intrigued by the idea of setting up my own VPN on a cloud server, but I know nothing about that. What are the implications (also financially)? Thanks!

    What is your goal for the VPN? I'm assuming you are outside the US and want to watch US content).

    If you are US based, then you might consider making routing changes to just bypass the VPN for the services you want to watch. I've seen comments on this board about how to do it. You end up creating an alias with a long list of IP blocks, and firewall rules to route any traffic to those IP addresses directly instead of throught he VPN. AFAIK all the traffic is encrypted, so your ISP only knows you are watching NetFlix, but not what you are watching. You may have occasional breakages if the provider makes network changes. (Easy to fix, but inconvenient, as you need to look at the logs to see what is getting blocked, find the new IP block and update your alias list).

    It depends on why you are using a VPN. If it's to hide torrenting, then you DON'T want to do that as you are the only traffic going through the server. If it is to remove geographic restrictions and you aren't worried about identity protection, then setting up a server should be fine. Just get a cheap VPS (Digital Ocean, Vultr, or just google 'cheap vps' and you will find lots of other choices). About $5/Month should get you a server that is more than powerful enough with a TB of monthly bandwidth. If you need 2TB, then it will run about $10/Mo.

    Just spin up linux, instal OpenVPN and add some routing to send whatever traffic comes in back out and you should be good to go. If it is for this specific purpose, you could even make things simpler and just use an ssh tunnel.

    Hope that helps.



  • @guardian Dear Guardian, I think that what you suggest is exactly what I have with StrongVPN. Both in terms of service and of price. I have a tunnel to USA, but somehow Prime still detects my geolocation. What drives me crazy, is that StrongVPN offers an installable client software for both Android and Windows, and if I install that client then everything works. However, my goal is to do the whole shenanigan with pfSense, and get rid of the client (inter alia because the client cannot be installed on AppleTv).
    And yes, I do not care about privacy, and I do not do torrents!



  • @aagaag said in Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?:

    @guardian Dear Guardian, I think that what you suggest is exactly what I have with StrongVPN. Both in terms of service and of price. I have a tunnel to USA, but somehow Prime still detects my geolocation. What drives me crazy, is that StrongVPN offers an installable client software for both Android and Windows, and if I install that client then everything works. However, my goal is to do the whole shenanigan with pfSense, and get rid of the client (inter alia because the client cannot be installed on AppleTv).
    And yes, I do not care about privacy, and I do not do torrents!

    @aagaag I think (but don't know for 100% sure) the issue is that the "well known" VPNs have been mapped and blacklisted. I don't know if VPS providers are banned or not. If not what I'm suggesting should work. I haven't watched this carefully, but I think this should give you a good hint how to set things up:

    Linux Server Build: OpenVPN From Scratch - Hak5 2019
    Youtube Video

    There are several other videos by HAK5 on VPNs as well that might be helpful. When I searched youtube, they were all in the list.

    Good luck.



  • @aagaag said in Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?:

    @bcruze thanks, but can you elaborate? Does the "96 dollar a year plan" refer to Proton?

    https://protonvpn.com/pricing

    https://protonvpn.com/support/watch-netflix-with-vpn/

    this works with Netflix NOT amazon prime video



  • Has anyone successfully used their own VPN on a cloud server?



  • @aagaag

    "VPN subscription services provide a workaround.... fees are being paid to Netflix (which otherwise would be lost), and nobody is financially or otherwise harmed.

    -Absolutely!

    Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?

    -It might be worthwhile to ask on this forum; https://www.reddit.com/r/NetflixViaVPN/



  • @gobbagu said in Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?:

    @aagaag

    "VPN subscription services provide a workaround.... fees are being paid to Netflix (which otherwise would be lost), and nobody is financially or otherwise harmed.

    -Absolutely!

    Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?

    -It might be worthwhile to ask on this forum; https://www.reddit.com/r/NetflixViaVPN/

    Actually someone may be being harmed. Royalties are due based on geographic distribution agreements and as a result not all content may be legally distributed in all geographic areas, or if they are distributed in multiple areas, it is quite possible that different entities get paid.

    Having said that, if they don't make their content available, they get what they deserve if someone uses technical methods to get it from another jurisdiction.



  • Netflix and others keep track of the VPN Exit nodes. They also know the IP Ranges of VPS providers, so rolling your own DNS or VPN Server will fail, too.
    However, they cannot block ISP IP Ranges in the US. If you have friends and family in the US you could do the following:

    Give your friends some $$$ so they can upgrade their Internet Plan to something with a decent upload bandwidth (10 - 20 Mbit/sec) - whatever works for watching HD TV ...

    Purchase a small Netgate Appliance (SG-1000 will do) and configure an OPEN VPN or IPSEC Server on a stick. Connect it to your friends router and setup port forwarding on the router so that you can access your VPN Server at your friends house.

    At your overseas location setup pfsense and establish a VPN Connection to your friends house ... You could set up a VLAN for your Media Player of choice....



  • I had Netflix working with Witopia (openVPN) but only certain exit nodes.
    Was never able to make it work with StrongVPN.
    Amazon Prime did not work with the same node as Netflix, but did occasionally work with an alternate.
    L2TP worked fine for both services.

    Currently in a location with DPI blocking most domestic VPN, so now none of these options are viable.

    SmartDNS provider UnoTelly working for Amazon, but not Netflix.

    It's all very frustrating - I thought television was the new 'opium for the masses'...



  • @awair I am interested in your comment that L2TP worked fine for both services. Did you use pfSense to establish the L2TP tunnel? I am not hung up on OpenVPN and I could use L2TP. However, I had understood from another thread that the L2TP implementation of pfSense is not meant to be used with a public VPN provider, and that it would be impossible to make it work. If you did, would you be able to share the parameters that you used?



  • @aagaag said in Did anybody ever get StrongVPN/Primevideo/Netflix to work with pfSense?:

    @awair I am interested in your comment that L2TP worked fine for both services. Did you use pfSense to establish the L2TP tunnel? I am not hung up on OpenVPN and I could use L2TP. However, I had understood from another thread that the L2TP implementation of pfSense is not meant to be used with a public VPN provider, and that it would be impossible to make it work. If you did, would you be able to share the parameters that you used?

    AFAIK the issue with L2TP is simply that it is not secure. If it's just for Netflix traffic, it shouldn't be an issue.



  • @aagaag Sorry, never with pfsense, although I did find a tutorial that stated it could be used with Tomato, which gave me some hope.

    Two links, both very similar:
    https://www.safervpn.com/support/articles/115001428485-Manual-L2TP-Setup-for-Tomato-Router
    https://www.limevpn.com/how-to-use/tomato-routers-l2tpip-sec-setup-instructions/

    This didn't work for me, because I have a Static IP (over PPPoE). The setup requires the main (WAN) internet connection to be setup as L2TP. Sounded logical (from a newbie perspective) but improbable (with a little knowledge).

    Since both links are from the relevant support teams of VPN providers, maybe it does work, and these similar settings could be applied to pfsense?

    http://pfsense.local/interfaces.php?if=wan offers an IPv4 Configuration Type option of L2TP.

    If I had a 2nd WAN, I would try it, but think it may also fail if your connection is PPPoE?

    Maybe the gurus can help explain (but keep it simple, please?)

    Many thanks.


  • Banned

    This post is deleted!

Log in to reply